Microsoft Locking Out Anti-Virus Makers?
twitter writes "Anti-virus makers have more to fear than stonewalling by Microsoft if a report by Agnitum, maker of Outpost Personal Firewall, is right about recent trusted computing changes. All the problems were summarized in a choice Register quote, 'In addressing the potential problem of not being able to install Outpost on new versions of Windows, we have discovered that it is possible to drill past the new security measures introduced by Microsoft - if we use the same techniques used by hackers.'"
As someone who has written drivers for Windows before I think Microsoft's patch is a step in the right direction. It is simply too easy to spy on the user and hide the driver under the current system. If that means that anti-virus software has to be updated, and has to bug the user with more "are you sure this is OK" boxes ... well tough, sometimes that is the price of security.
Philosophy.
By making its kernel and software more closed, they're just locking out new developers and applications. If they keep this up, Windows may only be able to run Microsoft Software.
Microsoft has actually been bending over backwards to help the anti-virus companies properly integrate their products into the new Windows Vista. The problem comes from miscommunication. Billy is using his new speech-to-text program for all correspondence.
I think we should make a couple anti-virus programs with personalities like midget stoners,
Dude, like, the computer went that way.... I think...
Or maybe Microsoft should invent an all-in-one package to secure their PCs, instead of me installing a million different MS products.... nah, that's a stupid idea.
It's not -1 Flamebait! It's +5 Funny. You just didn't get the joke...
So how does this fit with Microsoft's 12 Windows Principles?
Oh hang on, nowhere in those principles does it mention anything about giving competitors open access to Windows systems. Maybe this one:
"Microsoft is committed to designing and licensing Windows (and all the parts of the Windows platform) on terms that create and preserve opportunities for application developers and Web site creators to build innovative products on the Windows platform -- including products that directly compete with Microsoft's own products."
Translation: We love products that compete with us, so long as they run on Windows, because it just means you're doing the R&D work for us. Hey, that's how we got to be so large, by taking ideas from other people, so why stop now?
My blog
They are basically saying that they want the existing weak kernel model to continue to be supported because at least it allows them to do things they way they have been for a long time. This is, of course, stupid. It's like my locksmith not wanting me to get a new door because his equipment won't work with it, even if the new door theoretically provides the basis for better security long-term.
I'm not saying the new intercept model is great, I'm saying the answer isn't "leave it like it was". Instead of whining, why don't they engage Microsoft and figure out what exactly they need. Regardless of what your average wanker thinks, Microsoft will NOT be in a good situation if Vista turns out to be a dud security-wise. They want it to work.
IMO Microsoft has a lot of gall to charge people to fix the problem that they created in the first place.
that the new Ford Popular has no provision for horse harnesses or whip storage facilities
No-one comes here for the news! Not only is it always a day or two late, we often recycle it just for fun, and then make 'slashbacks' on it one more time just to annoy the hell out of people like you.
People come here for the comments. Like this comment.
Actually there's a story about this comment. A guy sold me a whole pack of comments, telling me they were cool and the latest fashion. But when I took them home they started making all kinds of noise, and annoying the neighbours. So I tried to flush one down the toilet but it just got stuck and the toilet overflowed, so I had a living room full of noisy, wet, and smelly comments, which really annoyed the neighbours. I tried burning the comments in a barbeque but they didn't really catch, but started smoking, so I found myself with a whole house full of smoking, smelly, wet, noisy comments. Luckily, some of my friends had mod points, so we caught the comments and modded them down to -1 insane, which made them a lot madder, but at least no-one could see them any more. I was left with a single comment, slightly used, but after I dried it in the microwave and it passed the lameness filters, I posted it here.
There are no old stories, only old comments.
Microsoft started treating device drivers that were not 'certified' for Windows XP differently in the installation process. The certification process is expensive and I have had numerous drivers that generated warning prompts because the manufacturers did not pay the Microsoft tax. I had a feeling that it would only be a matter of time before Microsoft created its own 'digital signature' like process for certifying system or application software.
ByteMyCode.com: A Web 2.0 code sharing community.
Where the F*** is the DOJ?
Binary patching a kernel is just plain wrong. It's an unstable hack.
You're supposed to patch the kernel source and recompile. Oh...
If AV makers can keep 60% of that total among themselves, then their own collective piece of the pie is sufficient, and they can let their marketing departments fight the other AV marketing departments for marketshare.
Compare 5 boxes of antivirus software at Wal-Mart these days, and you see identical packaging. These companies are either used to being told what to do, or else lack originality and just copy each other at every turn.
How exactly are they going to keep up with all of the new viruses/trojans/etc released for Vista? I know it's supposed to be "so goddamn secure", but nothing's foolproof, let alone a silly little MS product.
I dread to think how bad the current state of spyware/adware and malicious code would be if MS made themselves the end-all for anti-virus protection in XP. What a monumental fuckup Vista will be.
Ex nihilo nihil fit.
By far the best thing that could happen to the security of Windows would be if everybody forgot the personal firewalls, Norton Virus, etc., and used external boxes for these purposes. By the time anything running inside of Windows has a chance to try to do the job, it's too late. Windows is extremely large and complex, with myriad routes from almost any place to any other. Once malicious code is on the machine, it's too late to be at all certain you can prevent it from doing its dirty work.
The universe is a figment of its own imagination.
You can do your antivirus activities just fine using supported methods and interfaces, and it doesn't require patching kernel code.
Filesystem filter driver. Possibly some other filter drivers. Cleaning service. Low-privilege interface. That's all you need.
Microsoft's New OS to Run Exclusively Microsoft Products
October 28, 2010
REDMOND, Wash. — Microsoft has just made a last-minute change in plans for its newest operating system, Windows Vista.
The operating system, scheduled for release this December, will now only run Microsoft products, according to CEO Steve Ballmer.
"This is a very exciting time for us all," announced Ballmer. "For years, end-users have been forced to choose between products by third party developers and Microsoft. Now, they won't have to," he explained.
Ballmer also claims that the new operating system will feature cutting-edge security.
"Because the system will only run Microsoft products, you will continue to see the stability and security you expect of Microsoft," he continued. "And with the new Privacy Protection Advantage software, you can be assured your copy of Windows is genuine, because otherwise all of your hard drives would be erased and appropriate authorities will be dispatched. You couldn't possibly be able to use this system if it wasn't."
Microsoft also recently announced its new Quality Assurance Software, which is bundled with Windows Vista and is now a required Windows XP update.
"It searches your hard drives for foreign operating systems and deletes them immediately to assure that all of your software on your machine is of uniformly good quality. It also will automatically reinstall Windows on all of your hard drives in case you get tempted and decide to try any lesser operating systems," Ballmer noted.
While Linux, BSD, and (past) OSX developers are used to an open kernel, Microsoft has a long tradition of security through obscurity. Microsoft has also not had a problem with rolling over competitors and even collaborators with a lock-out technology when they feel they are in a position to make more money. Those arguments are common and they won't even make a blip on the consciousness of most people.
What would really get Microsoft to pull its greedy hands out of making "security services" the next extension of its monopoly powers? I think it would be when the Ralph Naders and liability lawyers take Microsoft becoming the sole provider as admission of making a product with a faulty design and trying to profit from it.
If you want to make Microsoft open its doors and keep its hands off the security market, then you need to make noise about this new tactic as being a tacit admission of faulty products and trying to profit from supplying the broken product and the fixes. Perhaps then, Microsoft might be eager to open the kimono for third party or independent review.
Programmers are lazy, that's just how it goes. I remember all the Sturm und Drang over Windows 2000 and its new audio model. Basically, MS did a revamp of how audio was handled in 2000. It's a much better model. However it was different from what the pro audio companies were used to so they cried about it. I had a $600 10-channel pro card at the time. When 2k came out, I wanted to switch. However they had no 2k drivers, you had to install the NT drivers which did work, but were a pain in the ass. They said "There will never be Windows 2000 drivers, 2000 is unsuited to audio."
What they were worked up about was the kernel mixer, a subsystem that introduces 30ms of latency to audio. Now of course this isn't a problem, first because the drivers are aware of this and do time compensation so it only matters for live sound-on-sound recording (meaning you are playing something that a musician is listening to and recording what they are doing) and you can bypass the kernel mixer anyhow.
Well finally they figured that out (it's in the documentation for the new driver model) and they released a driver... That only supported 2 channels of the 10 on the card. They claimed that the new driver model didn't support more than 2 channels on a card. I e-mailed MS about this and I think they were sufficiently surprised by the stupidity of the question that they responded. They pointed out that not only could they enumerate the device as multiple 2-channel devices (as you had to do in Win98 and NT since they only supported 2 channels) but WDM could handle real multi-channel devices as well.
Some e-mails back and forth with the company and finally they came out with a functioning WDM driver for their card. These days, their cards have ONLY WDM drivers available, they don't support 98 or NT anymore. However it was like pulling teeth to get them to learn the new method of doing things. Not because it was worse, it's not, but because they just wanted to keep doing things how they had in the past.
I'm sure that's basically what this is. MS has changed the way things work, if it's better or not one can debate, but it's not to screw the AV companies over. They are just being whiny because they don't want to have to change the way they do things.
I'm the first to shout hooray for a secure platform. But trying to lock out what cannot be locked out isn't security, it's stupidity. Now, I know that "being secure" is just the frontend to sell TCP, but at least a frontend should hold some water 'til it's sold.
Locking out competition by raising the cost to produce for a certain platform is a BAD idea. See IBM's Microchannel architecture for reference. And that was hardware, something you can't simply copy instead of shelling out the dough for the higher cost (which, in turn, is a result of licensing/signing fees).
Security comes with a sensible security concept. And that in turn is not linked to disabling the user's ability to install what he pleases, but it is a matter of permissions and differently enabled accounts. One for installing, one for everyday use. It's not like it is completely impossible, there are systems in existence that do just exactly that, and it doesn't take an IT expert to make it work. Everyone can do it, when it is implemented sensibly.
And when not every program needs admin rights to at least do what it is supposed to do.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I've been using a free version of Agnitum's Outpost firewall for several years now on my w2k machine and it's a clever little program, far simpler and thinner than the offerings from the major players. However like any good firewall program it does require the user to make very technical decisions on network traffic permissions whenever a process tries to contact the internet. Now before I praise it for not letting a process (virus/spyware/legitware) do a thing I don't want for the last couple of years, I do have to mention a disclaimer that in addition I've got the latest security updates for w2k, a NATted hardware firewall on the router and generally secured my system according to NSA's manuals.
Unlike in a Unix environment, in Windows the basic security concepts aren't required of the user. Windows computers, despite the networking or even server capabilities, are still built upon the philosophy of the Personal Computer, where the user has total control but also total responsibility for what the software does. Microsoft's attempts to somehow augment security on top of this flawed concept are not going to succeed and in fact seem to be going the opposite way. Certainly my w2k box is easier to make secure than XP with its 'security improvements' and it seems Vista will make it impossible for the user to secure the computer that he's supposed to own and control.
Sadly I will try to stick with poor old w2k as long as possible but eventually I might have to resort to going the OSX way...
www.tribalnetworks.org - helping tribal people around the world to own their own means of high-tech communications
Microsoft should be the one contacting the main antivirus companies around to make sure that their products work without problems with the new version of Windows as soon as it hits the stores.
http://www.microsoft.com/whdc/driver/kernel/64bitpatch_FAQ.mspx
From the FAQ:
[snip]
Q. Patch protection prevents my application or driver from running. What are my options?
A. Modify your application or driver to use only Microsoft-documented interfaces. If the functionality you want to enable is not supported with Microsoft-documented interfaces, then you cannot safely enable that functionality. There is no mechanism to selectively disable patch protection or "special-case" a given application to work around patch protection. If an application or driver patches the kernel, it generates a bug check and shuts down the system. Note that patch protection in the operating system might be extended in future releases or service packs, so using any undocumented mechanisms in your application or driver (even if they seem to work on released versions of Windows that support patch protection) might result in further incompatibilities in the future.
If your application or driver must perform a task that you believe cannot be accomplished without patching the kernel, contact Microsoft Customer Support Services or your Microsoft representative for help in finding a documented alternative.
If no documented alternative exists for the functionality that you want to implement, then the functionality will not be supported on any Windows operating system that includes patch protection support.
[/snip]
I wonder what percent of the BSOD minidumps that come back to Microsoft are caused by somebody patching something they didn't understand or because some internal API changed?
Please think before posting. The way your post reads implies that Windows Vista will render the need for antivirus software obsolete.
If you honestly believe that, go back on your meds, mmkay? Because given Microsoft's track record w/r/t the claims it makes about the next version of Windows, nobody in their right mind believes anything coming from the Redmond PR machine anymore. Wasn't it XP or 2000 that wasn't going to need service packs? Yeah, that was a laugher. And there are plenty more examples.
No, it's like Locksmiths petitioning the state not to mandate that only one type of "new secure door" be used going forward, the specs of which will be kept a state secret.
I love these controversial subject names. Really gives you that "We hate Microsoft and are damn well proud of it!"
The title just smells of "We don't like other anti-virus makers and want to block them", when the real subject is more "We're securing our kernel better than before, making it harder to dig into things people shouldn't be. Work around the changes in our internal api if you want to continue doing the things you do."
I see this as nothing more than making a mountain out of an ant hill.
Two core elements of a sensible security model for me is notifying the user of something he might not want done, and allowing him to turn off superficial alerts so that he can concentrate on the real problems. Now I forget what the feature is called that Microsoft implemented that is supposed to do this sort of thing, but all the reports seem to be saying that it's been flagging superficial stuff like deleting a shortcut from the desktop and I haven't been hearing reports of it catching really serious stuff. Though instead of writing software to detect and notify about the really serious stuff, it seems that Microsoft has done this.
From what I've seen with beta drivers in Vista, it tells you explicitly what driver caused it. "nVidia Display Driver has attempted to alter and possibly destabilize your system" and then the driver is (somewhat glitched) stopped. Definitely more friendly than old school BSODs. We shall see how the final Vista plays out.
have been modded -1 trolls
nobody may have ever been fired for buying microsoft product
but nobody has ever been modded down for flaming Microsoft on slashdot
For fuck's sake, people have been bitching at m$ to secure the kernel better in future Windows versions; now they do and they are locking out the competition. If I was m$ I'd be really bummed out by this until I looked around and saw my huge piles of money laying around all over the place, then I would be feeling ok again.
actually I am happy to see you, however that is in fact a banana in my pocket.
This is MS's OS. They do not give it to you or the anti-virus company. It is leased to you. That means that MS owns it and all the data that they claim that they own (i.e. the data that you produced on their OS). If they want to lock out anti-virus companies, I do not understand where the issue is. If these companies do not like it, then they should consider a new line of work on a different OS.
Sad to say, but there really is no need for anti-virus on other systems. Yes, I know that viruses do occur on Apple, Linux, *nix, etc. But they are not much of an issue. All in all, MS is the ONLY system that requires it.
The real issue here is that if a company really wants to make money and to not have to worry about unfair, illegal, and monopolistic actions against them whenever a company feels like it, then they should NOT be on Windows.
I prefer the "u" in honour as it seems to be missing these days.
Dogs are eating dog food.
Cats are eating cat food.
Bush is doing something stupid.
Shaq is eating.
Grass is growing.
MSFT's bill for breaking EU law went up.
MSFT lies.
Vista is just that... a vista.
Linux is pwning server rooms across America.
Ballmer is throwing chairs.
Ballmer is cursing Google.
Ballmer heard repeating "developers, developers, developers" from people outside his bathroom window...
You see, the world just makes sense.
You use the wrong example for the locksmith. It should be this is like your locksmith rekeying the locks on your house with a special key that only they can produce and you must get from them. This is much like the automakers did with "smart" keys. It used to be if you needed an extra car key, you could get a copy made for a dollar or so. Now, you have to go to the dealer and pay $35 or more, depending on make or model.
Has the "new" car key approach made it harder to hack or steal cars, no, just more of a hassle for honest owners of the vehicle. Will the change being made by Microsoft ultimately make Windows more secure and harder to hack into? Likewise, no. It's all for the appearance of security, but until Microsoft changes the basic nature of Windows being able to connect to any device anywhere and automatically sharing files with Aunt Mary, there will always be holes to exploit.
Until Microsoft truly takes security seriously, they are still putting band-aids on top of fundamentally insecure systems. It's far cheaper to offer the appearance of security than to actually do it. Doing so would mean a whole new code base. Apple did it with OSX, the question is whether Microsoft has the ability to let go of the past to build for the future and do it, too.
Whether it's GM selling me a $1.00 key for $35 or Microsoft selling me a "trusted computing" platform, neither one will prevent someone from getting what is mine if they really want it.
Our software doesn't work, we're pissed. ... Instead of whining, why don't they engage Microsoft and figure out what exactly they need. ... Microsoft will NOT be in a good situation if Vista turns out to be a dud security-wise. They want it to work.
You must have read a different report. The one I read said that Microsoft was broken and they won't let anyone fix it. The M$ security model was easy to circumvent and that circumvention was the only way to get what they need to watch out for all the dirt bags doing the same thing to serve up ads and spam.
Insulting the people who try to fix what's broken on M$ is not a good way to apologize for M$'s broken junk.
Friends don't help friends install M$ junk.
... that Micro$oft is not capable of providing a properly secure system.
Programs running in userland should not be capable of modifying ANY part of the system.
The only time that system files should be even capable of being modified is when the system's administrator / root user is logged in with root/admin permissions - and then ONLY the root user should be capable.
Why should a program running with the permissions of a user be capable of performing as if it had permissions of an administrator?
The kernel should simply prohibit that without question and without exception.
Until M$ learns that lesson it will never be capable of producing properly secure software.
Actually, now that I've thought of it, the question is more along the lines of why doesn't M$ want to produce truly secure software - because given that company's resources there is no good reason that I can see that would explain why it produces such seriously insecure software!
This new kernel patch protection should be viewed as safety against badly coded legitimate drivers, not security against a rootkit.
Rootkit authors are some of the best programmers and reverse engineers in the world. Does anyone *really* think that rootkit authors won't find a way around ci.dll? Even Vista 64's requirement that all kernel drivers be signed is a real joke. As long as it is possible to write to \Device\Harddisk0\Partition0 (NT's /dev/hda) from user mode as administrator, a rootkit can simply take over the entire boot process starting with the MBR, and call NtShutdownSystem to force a reboot into the hacked MBR. If using EFI, it's a bit different but still not difficult.
All this really prevents are mainstream drivers hooking into the kernel. Companies whose drivers once patched the kernel won't do so anymore, because if you bypass ci.dll publicly, Microsoft will "force" an update onto almost all users within days (or next second Tuesday if you're not important enough). I suppose that this is a good thing - I'm tired of stupid kernel drivers like nProtect and SafeDisc compromising system security and stability just to prevent cheating or copying (respectively) in some game.
Melissa
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
After his statement, a followup announcement was made, pushing the expected release date back until March of 2011.
In Vista, programs normally run without admin privileges even when you're supposedly logged on as an administrator. It's much like OS X's handling of administrators, though not at the technical level (NT has no setuid).
The problem is that Microsoft is preventing certain things from happening even when you *are* running as a trusted user. In Vista 64, you *cannot* load an unsigned kernel driver, even if you are a maximum-privileged user mode program. This is retarded, because such a user mode program can take over the system anyway regardless of that.
It's like an elemental system in an RPG. Windows is weak against hacks, but strong vs. clueless users. Unix variants are weak against end user sympathies, but hardened against hackers and what not. Throw Linux at a clueless user or force a unix guru to use Windows and you're likely to kill, maim or outright destroy them both. I guess Macs could be considered the "non-elemental" kills-all system. It really is like a game, but it's too bad it really isn't any fun at all.
The eternal struggle of good vs. evil begins within one's self.
I don't particularly relish the idea of having to take MS's word for what's happening down in the kernel or having theirs be the only powerful security/utility products available.
Programmers have long understood that, especially at the kernel level, the only way to understand what's happening down there is to study the source code (and, in some cases, the machine code that it compiles to). Anything else is at best a summary, and at worst a parody of what's really going on.
Face it, with a binary-only kernel, the only way to understand kernel issues and write powerful (or even effective) security products is to have access to the kernel internals. If you don't have that, you are locked out, and your products can never compete with those written by people with inside knowledge.
Without access to the source, the code in there could be doing anything at all, and you have no defense against it whatsoever.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
I tried to use Norton in one of my applications. It would have been very nice to be able to scan a user provided file with an antivirus application, but I couldn't find an API. All I was looking for was something like Microsoft Word had -- for a given user file, scan it and tell me if it is infected or not. Symantec wouldn't provide any information "for security purposes."
You can cite that, right? Because there aren't any "terms and agreements" governing the use of an iPod, disk mode is an advertised feature, and breach of contract is usually a civil offense.
The MS Source in the article has GOT to be kidding if we now have to take THEIR word that the known-broken OS is ... "less" broken? Didn't MS blow that feeble chance at trust just lately by shoving an also-broken WGA deceptively as a "critical update"?
Is anyone else as terrified (in context) by that as I am? We can discuss how effective the AV writers are, and whether some of them have side deals, but they are at least DIFFERENT companies trying to patch a known-broken OS. I trust them to SortOfWork.
---Moving from "Barely Positive Windows User" to "Trapped Windows User looking for the chance to switch".
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
I thought that Vista was going to ship with a system called Windows Filtering Platform, which, to my understanding, would let the firewalls filter packets without using ring 0 hacks.
Has this been scrapped along with WFS?
>> we have discovered that it is possible to drill past the new security measures introduced by Microsoft - if we use the same techniques used by hackers
Go ahead and use them. Going by how long it normally takes Microsoft to respond, you've probably got at least 6 months before they close the hole you use, and MS don't know how to write secure code so there will always be some hack-attack you can use.
Go to http://distrowatch.com/. Pick a Distribution that captures your fancy, be it GNU/Linux, *BSD or Solaris. Download it. Install it. Learn how to use it, which means being a worthless noob for over 12 months. After that your MS detox is complete.
That's your chance right now. Any objections to it are excuses to keep using Windows, in which case you simply want what you say you want to ditch.
# touch universe # chmod +rwx universe #
It seems to me that just about everything you hear about in the news lately seems to fit the theory that MS is actively *trying* to get people to go over to OSX. WGA, AV vendors being stonewalled, licensing issues, etc. MS is in a dominant position now greatly because of piracy of their product, even Bill Gates admitted to that years ago. But what happens when it's no longer possible to easily pirate windows?
Large corporations will put up with it more than an individual user will, but what happens when the technology decision makers are all running OSX at home? Those people are going to start looking for places in their corporate infrastructure where they can replace Windows with something else, be it OSX, linux, or anything that doesn't have draconian licensing restrictions and the general hassle associated with running Windows. In fact, it's much more annoying if you actually have purchased licensed copies and still have licensing issues, and even worse if your mission critical production environment can be erroneously disabled.
Many of my corporate clients have already expressed some concern over their MS environment, and some are already actively looking for places where they can wedge something else in.
Need Free Juniper/NetScreen Support? JuniperForum
games and office.... well and maybe native adobe support...
:(
if it weren't for those.......
hmmmmm
Agnitum's technical brief about Microsoft's approach to Kernel Patch Protection has sparked intense discussion at Digg/Slashdot.
May we participate in the debate?
Agnitum believes Microsoft's motivation for introducing Kernel Patch Protection is clear. It is attempting to better protect the typical user of Windows XP x64 and Server 2003 x64 from rootkit vulnerabilities.
Unfortunately, the approach taken by Microsoft limits the ability of third-party software developers to protect Vista users from other vulnerabilities inherent to Windows. This affects not just Agnitum. It affects Zone Labs, McAfee, Symantec and other developers of security software.
Third-party security software uses a variety of approaches to protect Windows users. As we noted in the technical brief, http://www.agnitum.com/news/kernel_patch_protection.php:
"One of the most commonly used approaches to implementing proactive protection involves changing and monitoring the Service Dispatch Table (SDT), which is used by the OS to transfer control from user-mode to kernel (low-level system mode)."
Developers who need deep kernel integration often patch the kernel by changing the service number in the SDT, and when a call is made to invoke a system service, the third-party code is invoked instead of the kernel code -- and the third-party code then returns control to the operating system.
Kernel patch protection in the x64 versions of XP removes the ability of developers to legitimately change the service number in the SDT by hiding it - but imposes no such restriction on hackers.
Which is the point we are trying to make. On the one hand, kernel patch protection makes it more difficult for security software to defend Windows from attack. On the other hand, "surprise kernel patches" open Windows to new, broad attack. And please also note that there is no such thing as a secure firewall if that firewall lacks deep OS integration.
This is not progress. Microsoft's approach forces users to rely on Microsoft and only Microsoft for operating-system security. If past experience is anything to go by, we know that third-party security tools are more robust and provide better protection than what Microsoft offers.
Clearly, kernel patch protection in its current form is not perfect. Yes, Microsoft is correct in wanting to protect users from rootkits. However, from my point of view, it is more necessary to introduce security measures that do not make users more vulnerable.
Igor Pankov,
Product Marketing Manager at Agnitum
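The SDT redirection Agnitum describes above, where a third-party driver swaps a service entry for its own routine so that its code runs before the kernel's, is exactly the modification that rootkit detectors and Kernel Patch Protection look for, whoever installed it. The following C program is an added example and is not Agnitum's or Microsoft's code; it simulates, in user mode and on constructed 64-bit addresses, the two integrity checks a detector conceptually performs on the dispatch table: whether every entry still points into the kernel image's code section, and whether every entry still matches a snapshot taken before any third-party driver loaded. The kernel range, the table contents and the driver image address are all labelled sample values; a real detector reads the live table from kernel memory and takes the range from the loaded-module list.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: the kernel's code section occupies this range.
 * An entry that points anywhere else is not one of the kernel's own
 * handlers. Hypothetical addresses, not taken from any real Windows build. */
#define KERNEL_TEXT_START 0xfffff80001800000ull
#define KERNEL_TEXT_END   0xfffff80001d00000ull   /* exclusive */

#define SDT_SIZE 8

/* Snapshot of the table taken at boot, before third-party drivers load.
 * Constructed values inside the kernel range. */
static const uint64_t sdt_boot_snapshot[SDT_SIZE] = {
    0xfffff80001812340ull, 0xfffff80001812480ull, 0xfffff800018125c0ull,
    0xfffff80001812700ull, 0xfffff80001812840ull, 0xfffff80001812980ull,
    0xfffff80001812ac0ull, 0xfffff80001812c00ull,
};

/* The "live" table after a driver has redirected services 2 and 5 into its
 * own image at a constructed driver address (0xfffff88002a00000). */
static const uint64_t sdt_live[SDT_SIZE] = {
    0xfffff80001812340ull, 0xfffff80001812480ull, 0xfffff88002a01000ull,
    0xfffff80001812700ull, 0xfffff80001812840ull, 0xfffff88002a01200ull,
    0xfffff80001812ac0ull, 0xfffff80001812c00ull,
};

/* Check 1: does the entry point into the kernel's own code section? */
int sdt_entry_in_kernel(uint64_t entry) {
    return entry >= KERNEL_TEXT_START && entry < KERNEL_TEXT_END;
}

/* Check 2 combined with check 1: an entry is reported as hooked if it differs
 * from the boot snapshot (when one is available) or lies outside the kernel.
 * Indices of hooked entries are written to out_idx (at most max_out of them);
 * the return value is the total number found. */
size_t sdt_find_hooks(const uint64_t *live, const uint64_t *snapshot,
                      size_t count, size_t *out_idx, size_t max_out) {
    size_t found = 0;
    for (size_t i = 0; i < count; i++) {
        int changed = (snapshot != NULL) && live[i] != snapshot[i];
        int foreign = !sdt_entry_in_kernel(live[i]);
        if (changed || foreign) {
            if (found < max_out) out_idx[found] = i;
            found++;
        }
    }
    return found;
}

/* Number of hooked entries in the constructed live table (expected: 2). */
size_t sdt_sample_hook_count(void) {
    size_t idx[SDT_SIZE];
    return sdt_find_hooks(sdt_live, sdt_boot_snapshot, SDT_SIZE, idx, SDT_SIZE);
}

/* Index of the first hooked entry in the constructed live table (expected: 2). */
size_t sdt_sample_first_hook_index(void) {
    size_t idx[SDT_SIZE] = {0};
    sdt_find_hooks(sdt_live, sdt_boot_snapshot, SDT_SIZE, idx, SDT_SIZE);
    return idx[0];
}

/* The snapshot compared against itself must report nothing (expected: 1). */
int sdt_snapshot_is_clean(void) {
    size_t idx[SDT_SIZE];
    return sdt_find_hooks(sdt_boot_snapshot, sdt_boot_snapshot, SDT_SIZE,
                          idx, SDT_SIZE) == 0;
}

int main(void) {
    size_t idx[SDT_SIZE];
    size_t n = sdt_find_hooks(sdt_live, sdt_boot_snapshot, SDT_SIZE, idx, SDT_SIZE);
    printf("%zu hooked service entries\n", n);
    for (size_t i = 0; i < n && i < SDT_SIZE; i++) {
        printf("  service %zu -> 0x%llx (snapshot 0x%llx)\n", idx[i],
               (unsigned long long)sdt_live[idx[i]],
               (unsigned long long)sdt_boot_snapshot[idx[i]]);
    }
    return 0;
}
```

The range check alone would miss a hook that keeps the table entry intact and instead overwrites the first bytes of the handler itself, which is why detectors also compare the handler code against the on-disk kernel image; the snapshot comparison catches table changes but not modifications made before the snapshot was taken.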